Reuters is reporting that a security flaw in Twitter exposes users’ login credentials. It’s related to a known vulnerability in the Adobe Flash programming language. From the article:
Adobe has told programmers how to address the vulnerability, which was first discovered in 2006, he added, but noted the operators of many websites have failed to respond to the warnings from Adobe.
Some of the comments I’ve seen are wondering why Twitter hasn’t fixed this. I was starting to wonder why the flaw still exists in the Flash programming language, then I realized Adobe can’t be responsible for programmers’ not keeping up.
I’m not an Adobe fan (I don’t use the Acrobat reader on any of my machines and I use Flash only because there’s not much point to surfing the web without it), but I have to say that Adobe has gotten a lot of undeserved bad press lately. The attack on attack on Gmail attributed to China was first attributed to a flaw in the Acrobat Reader, but later found to depend on a flaw in Internet Explorer.
Although the Reuters story didn’t mention this, if I used Twitter, I’d change my password.